CVE-2026-16199
Received Received - Intake

Improper Authorization in GoClaw via ExecTool.Execute

Vulnerability report for CVE-2026-16199, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: VulDB

Description

A flaw has been found in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This affects the function ExecTool.Execute of the file goclaw/internal/tools/credentialed_exec.go. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been published and may be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nextlevelbuilder goclaw to 3.13.3-beta.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16199 is an authorization bypass flaw in GoClaw's secure-CLI execution mechanism. It allows authenticated users to bypass security checks by wrapping a registered secure CLI (like 'gh') inside a PowerShell -EncodedCommand wrapper. The system fails to inspect the inner command, only checking the outer binary (pwsh), enabling unauthorized execution of high-risk binaries without required permissions.

Detection Guidance

Check GoClaw logs for PowerShell -EncodedCommand usage with registered secure CLIs like 'gh'. Monitor for unauthorized execution of tenant-registered binaries without grants. Inspect network traffic for suspicious PowerShell activity targeting GoClaw endpoints.

Impact Analysis

This vulnerability allows attackers with valid credentials to execute unauthorized commands through GoClaw's secure-CLI system. They could abuse permissions to perform actions like repository administration or cloud control-plane access without proper authorization. The exploit can be launched remotely and has a published proof-of-concept.

Compliance Impact

The vulnerability allows unauthorized execution of high-risk binaries without proper authorization, which could lead to unauthorized access to sensitive data or systems. This may violate compliance requirements under GDPR (data protection) and HIPAA (healthcare data privacy) by enabling unauthorized data exposure or manipulation.

Mitigation Strategies

Upgrade GoClaw to versions beyond 3.13.3-beta.3 where the vulnerability is patched. Implement stricter input validation to block PowerShell -EncodedCommand wrappers. Review and revoke any unauthorized grants for tenant-registered binaries.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart